This article applies to:
- MailMarshal SMTP 4.x
- MailMarshal SMTP 5.x
- MailMarshal Exchange 5.x
Symptoms:
- MailMarshal vulnerability to Directory Traversal attacks
- Note that the issue is fixed in all currently supported versions
Causes:
A vulnerability exists in the Info-zip unpacking utility that is used in the named versions of the MailMarshal product line. By properly exploiting this issue an attacker could bypass the content checking technology of MailMarshal and install and execute malicious software on the MailMarshal server.
The vulnerability was discovered while testing MailMarshal SMTP. An attacker could potentially exploit a vulnerability in the Info-zip utility used by MailMarshal to un-compress certain compressed files. This Directory Traversal attack would allow an attacker to overwrite files in the MailMarshal program installation folder or system folders.
This vulnerability would allow the installation and execution of malicious software on the MailMarshal server.
This vulnerability has also been reported on the Info-zip site at:
Marshal has confirmed the vulnerability exists in the products named.
Resolution:
Note that the issue is fixed in all currently supported versions of Trustwave MailMarshal (SEG) and Trustwave ECM/MailMarshal Exchange
To fully resolve these issues, upgrade to the latest version of MailMarshal SMTP or MailMarshal Exchange.
These issues were first resolved in the following releases:
- MailMarshal Exchange 5.2
- MailMarshal SMTP 6.1.4
Workaround:
If you cannot upgrade immediately, to eliminate this vulnerability, take one of these two actions:
- Run the MailMarshal Engine service using a Microsoft Windows account that has no rights to create files or folders outside of the MailMarshal unpacking folders. This solution requires folder security to be set correctly on all other folders on the server.
- Create a separate disk partition (drive letter) used only for the MailMarshal unpacking folders. This solution will prevent unpacking applications from creating any files in a location outside the unpacking folder. This solution has the added benefit of improving MailMarshal performance.
Threat Assessment
This vulnerability represents a serious potential threat to the security of MailMarshal servers and the networks they protect.
Note: Marshal is not aware of any active attempts against or customer impacts from this vulnerability.
Credit
Marshal appreciates the cooperation of Mike Garratt (mg.security@evn.co.nz) in identifying this issue.
Marshal Product Security Contact Information
Trustwave takes the security and proper functionality of its products very seriously. Please contact mpltacsupport@trustwave.com if you feel you have discovered a potential or actual security issue with a Marshal product.
- This article was previously published as:
- NETIQKB39990